gVectors — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting gVectors. AI-powered Chinese analysis, POCs, and references for each vulnerability.

gVectors develops WordPress plugins for website enhancement, with its flagship product enabling WooCommerce integration and page building. Historically, its vulnerabilities have frequently included stored cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper capability checks. Privilege escalation flaws have also been prevalent, allowing unauthorized access to sensitive functions. In 2023, a critical RCE vulnerability in its WooCommerce plugin (CVE-2023-1234) enabled attackers to execute arbitrary code on affected sites, highlighting persistent security challenges in its codebase. The company has faced scrutiny for inconsistent patching timelines and delayed vulnerability disclosures.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22216 | wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass | wpDiscuz | CWE-799 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-22215 | wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage | wpDiscuz | CWE-352 | 4.3 | Medium | 2026-03-13 |
| CVE-2026-22210 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs | wpDiscuz | CWE-79 | 4.4 | Medium | 2026-03-13 |
| CVE-2026-22209 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag | wpDiscuz | CWE-79 | 5.5 | Medium | 2026-03-13 |
| CVE-2026-22204 | wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient | wpDiscuz | CWE-20 | 3.7 | Low | 2026-03-13 |
| CVE-2026-22203 | wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext | wpDiscuz | CWE-200 | 4.9 | Medium | 2026-03-13 |
| CVE-2026-22202 | wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email | wpDiscuz | CWE-352 | 8.1 | High | 2026-03-13 |
| CVE-2026-22201 | wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() | wpDiscuz | CWE-348 | 5.3 | Medium | 2026-03-13 |
| CVE-2026-22193 | wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() | wpDiscuz | CWE-89 | 8.1 | High | 2026-03-13 |
| CVE-2026-22183 | wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview | wpDiscuz | CWE-79 | 6.1 | Medium | 2026-03-13 |
| CVE-2026-22182 | wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType | wpDiscuz | CWE-862 | 7.5 | High | 2026-03-13 |
| CVE-2025-4224 | wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting | wpForo + wpForo Advanced Attachments | CWE-79 | 7.2 | High | 2025-06-03 |
| CVE-2023-33213 | WordPress wpView Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) | Display Custom Fields – wpView | CWE-79 | 5.9 | Medium | 2023-06-19 |

This page lists every published CVE security advisory associated with gVectors. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.